I am trying to solve a mystery. We have 2 replicated FreeIPA servers.

Today they both stopped receiving requests because the Directory Server
had begun to refuse connections.

The relevant message is "Not listening for new connections - too many
fds open"


That's all well and good: I can increase the file descriptor allowance.

However, the reason the fds limit was reached was a massive number of
connections from the servers themselves.

Can someone provide me with an idea for what this might be?


We received 1024 connections in under 1 second. Here is an example
dirsrv access log entry:


[22/Oct/2009:12:29:53 +0200] conn=679021 fd=464 slot=464 connection from to

[22/Oct/2009:12:29:53 +0200] conn=679021 op=0 BIND

24,dc=net" method=128 version=3

[22/Oct/2009:12:29:53 +0200] conn=679021 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn="uid=kdc,cn=




Some final notes:

Both servers stopped one after the other. First server A, then 1 second
afterwards, server B.


I'm pretty stuck as to what might have caused this.
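
Added example, not part of the original post: one way to see which client address and bind DN are behind a connection burst like the one described above, and which connections were never closed, by summarising the dirsrv access log. The sample lines, addresses and DNs are constructed placeholders, and the function name and threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the dirsrv access-log format; addresses (RFC 5737)
# and DNs are placeholders, not values taken from the post.
SAMPLE_LOG = """\
[22/Oct/2009:12:29:53 +0200] conn=101 fd=64 slot=64 connection from 192.0.2.10 to 192.0.2.10
[22/Oct/2009:12:29:53 +0200] conn=101 op=0 BIND dn="uid=kdc,cn=placeholder,dc=example,dc=test" method=128 version=3
[22/Oct/2009:12:29:53 +0200] conn=101 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=kdc,cn=placeholder,dc=example,dc=test"
[22/Oct/2009:12:29:53 +0200] conn=102 fd=65 slot=65 connection from 192.0.2.10 to 192.0.2.10
[22/Oct/2009:12:29:53 +0200] conn=102 op=0 BIND dn="uid=kdc,cn=placeholder,dc=example,dc=test" method=128 version=3
[22/Oct/2009:12:29:53 +0200] conn=103 fd=66 slot=66 connection from 192.0.2.20 to 192.0.2.10
[22/Oct/2009:12:29:53 +0200] conn=103 op=0 BIND dn="" method=128 version=3
[22/Oct/2009:12:29:54 +0200] conn=104 fd=67 slot=67 connection from 192.0.2.10 to 192.0.2.10
[22/Oct/2009:12:29:54 +0200] conn=101 op=1 UNBIND
[22/Oct/2009:12:29:54 +0200] conn=101 op=1 fd=64 closed - U1
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$')
OPEN = re.compile(r'fd=\d+ slot=\d+ (?:SSL )?connection from (?P<src>\S+) to \S+')
BIND = re.compile(r'op=\d+ BIND dn="(?P<dn>[^"]*)"')
CLOSE = re.compile(r'op=-?\d+ fd=\d+ closed')

def summarize(text, burst_threshold=3):
    """Return (bursts per second, BIND counts per client/DN, unclosed conn ids)."""
    per_second = Counter()   # timestamp -> new connections accepted in that second
    src_of = {}              # conn id -> client address
    binds = Counter()        # (client address, bind DN) -> number of BINDs
    open_conns = set()       # opened but never closed: each one still holds an fd
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue         # skip wrapped or truncated lines
        conn, rest = m['conn'], m['rest']
        if (o := OPEN.match(rest)):
            per_second[m['ts']] += 1
            src_of[conn] = o['src']
            open_conns.add(conn)
        elif (b := BIND.match(rest)):
            binds[(src_of.get(conn, 'unknown'), b['dn'] or '<anonymous>')] += 1
        elif CLOSE.match(rest):
            open_conns.discard(conn)
    bursts = {ts: n for ts, n in per_second.items() if n >= burst_threshold}
    return bursts, binds, open_conns

if __name__ == '__main__':
    print(summarize(SAMPLE_LOG))
```

On a real log, raise `burst_threshold` to a value well above the server's normal per-second connection rate.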





